Emotet botnet taken offline in huge police operation

The Emotet botnet is no more. A joint effort between law enforcement agencies from the UK, US, Canada and the EU resulted in the takedown of “thousands of computers” that were running the malicious network, the BBC reported.

Announcing the successful takedown, Europol described Emotet as "one of the most significant botnets of the past decade" and one of the main "door openers" for computers everywhere. The botnet comprised thousands of devices, which distributed the Emotet malware through spam messages.

"Once this unauthorized access was established, [access to the devices] was sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware," said the agency.

Cybersecurity experts praised the takedown, with Lotem Finkelstein of Check Point Software telling the BBC that consumers were losing millions of dollars to this malware.

Experts also believe that it’s highly unlikely the operators will be able to rebuild. They weren’t caught during the takedown, but rebuilding such a network is a slow and tedious process.

“They have enough cash to retire in peace - or start a new criminal adventure,” said Dmitry Smilyanets at Recorded Future. "A working botnet is a very complicated and gentle system. If more than a half of the infrastructure is not working, it's safe to say bye-bye."

The Emotet botnet was known to send out innocent-looking emails that asked the victim to urgently download a Word attachment and view its contents. Opening the Word document would trigger a macro and download the malware onto the device. After that, the device would be compromised and access to it sold on the black market.